Software updates – the march of progress?

Security_thumb1 Once a week or so, depending on my schedule and the state of current events, I try to summarize the ongoing state of software updates, focusing primarily on OS, Browsers, and Adobe-related software. I missed last week, and a lot of things have piled up since the last update!

Keeping your software up to date is really important these days. There is big money in organized crime, seeking to compromise computers and gain access to your personal information – especially banking information. These malicious entities seek to gain a foothold in your computer by exploiting known vulnerabilities in popular software. As a result, something as benign as visiting a web site, opening an image, or playing a music file can lead to a compromised system, if your software has un-patched vulnerabilities.

So, keep that software up to date!

We’ll start this week with a bit of good news on the OS front, for those Apple customers who have migrated to the latest version of their OS.

 

Apple Mac OS X 10.6.2 (Snow Leopard) Updates:

Apple has released a Snow Leopard update that fixes a number of problems customers have reported, including patching a large number of security flaws in the firewall, Apache services, Apple Type Services (font handling), graphics and media services; the list goes on and on. You can read about it here.

Perhaps more exciting for users of Adobe Photoshop: John Nack has reported that the Photoshop team has been working with Apple, and this updated fixes a number of issues with Photoshop:

Affecting multiple versions of Photoshop:

  • 50654: When opening and saving, applications–including Adobe applications–may sporadically crash
  • 51230: Images don’t open when dragged onto the Adobe program icon in the Dock
  • 51220: Crash or program error occurs when using Menlo font in Photoshop and Premiere CS3 and CS4

CS4-specific:

  • 51764: Only one image opens when many are dragged onto Photoshop’s icon
  • 51278: Cursors don’t display correctly in Photoshop CS4
  • 51339: Editing in Photoshop CS4 fails from 64-bit Lightroom in Mac OS X 10.6
  • Cannot drag from Safari onto Photoshop icon (and other application icons) in Dock to open file

 

Whether you get this update for security or for the Photoshop fixes, get it!

Browser Updates:

Opera – version 10.1 was released at the end of October, and this update combined a series of user experience features with a few security updates that I would consider critical. From the Opera changelog page:

  • Fixed an issue where certain domain names could allow execution of arbitrary code
  • Fixed an issue where scripts can run on the feed subscription page
  • Fixed an issue where Web fonts could be used to spoof the page address
  • Fixed a security issue; details will be disclosed at a later date.
  • These are all flaws that could result in a malicious user or site compromising your system. The last one listed seems especially concerning, sinc edetails aren’t being released. If you’re using Opera, make sure to install this update as soon as possible.

    Firefox – Although version 3.5.4 was only recently released, the team at Mozilla.com has pushed out a new verison 3.5.5. This update contains several stability fixes, and in looking at the bug reports, the issues address browser crashes – typically the first place that hackers look for opportunities to gain access into your system. Firefox has pushed out this change, so you should see it automatically; if not, please visit www.mozilla.com and get the update.

    Note also that for users who are still using the 3.0 version of Firefox, this has also been updated from 3.0.14 to 3.0.15 as of the end of October.

    Java Updates:

    Java 6 Update 17 was released on 11/4/2009. This release contains fixes for 23 security vulnerabilities. If you have the Java virtual machine installed on your system, this update is highly recommended.

    Adobe Software Updates:

    Photoshop Elements for Windows, version 7 and version 8, have a potential privilege escalation problem. This means that a user could gain administrator privileges by exploiting this vulnerability. Adobe has not patched the software yet, but they have provided a workaround to mitigate the risk.

    Shockwave Player 11.5.1.601 and earlier have critical vulnerabilities that could allow a malicious attacker to run arbitrary code on your system. Chances are you’re not using Shockwave anymore (it is generally superseded by Flash), but if you do have it, please upgrade to the latest version 11.5.2.602.

     

    That’s all for this week! Keep your software up to date, and keep safe!

    Leave a Reply

    Close Menu